Configuring Identity Pools

Identity Pools allow for the persistent storage of user data within Cloudentity's infrastructure, thus providing the alternative to the Bring Your Own Identity (BYOID) approach typically used by Cloudentity SaaS tenants. Having added an Identity Pool to your tenant, you can connect it as an Identity Provider to specific workspaces so that the end-users can log in to Cloudentity (or register in the Identity Pool first). This document explains how to manage Identity Pools within a tenant and how to add users to Identity Pools as an administrator.

Prerequisites

  • Access to a Cloudentity tenant

Add Identity Pools in Tenant

  1. Go to Tenant settings > Identity Pools.

  2. Select Create New.

  3. Add a pool name for identification purposes.

    The name must be unique within the tenant. Only alphanumeric characters (a-z, A-Z, 0-9) and spaces are allowed.

  4. Select Create. Your pool is created.

  5. Select your newly created pool to configure its settings and add users.

  6. On the Configuration tab, you can add a description for the newly created identity pool and modify its name.

  7. Go to the Advanced tab. Fill in the form.

    Field Description
    Payload schema Schema for the user data which both users and administrators can input
    Metadata schema Schema for the user metadata (read-only for users, can be edited by administrators)
    Authentication Mechanisms Defines which authentication mechanisms (password and/or OTP) are available to Identity Providers created from this Identity Pool
    Public Registration Allowed Controls whether this Identity Pool is open to public (self-service) user registration; when disabled, only administrators can add users

    Settings Impact

    The video below shows what happens on the end user’s side when you disable the OTP authentication and public registration in the Identity Pool.

  8. Go to the Password settings to configure a password policy for this identity pool.

    Field Description
    Password Hashing Method Select the hashing algorithm used to store passwords; stored passwords are hashed, never kept in clear text
    Strength Configure the required password strength value. It indicates the password’s effectiveness against guessing or brute-force attacks. Strength is based on password length, complexity, and unpredictability
    Supplementary options
    Capital letters Set the minimum number of capital letters for a password to be accepted
    Digits Set the minimum number of digits required for a password
    Minimal length Set the minimum password length
    Not used since Configure how many times a user must set a new password before they can repeat an already used one
    Special characters Set the minimum number of special characters for a password to be accepted

    The password policy you set applies to every user of the current identity pool.

    For identity pools without a customized password policy, whether pre-existing or newly added, passwords are validated against the default rules that were in force when the IDP was created. They are as follows:

    Legacy defaults Current defaults
    Strength: Any Strength: Fair
    Capital letters: 0 Capital letters: 0
    Digits: 0 Digits: 0
    Minimal length: 8 Minimal length: 8
    Not used since: 0 Not used since: 0
    Special characters: 0 Special characters: 0
  9. Once you have completed the password configuration, click Save.

  10. In the OTP settings form, you can set the parameters for One-Time Passwords.

  11. Optionally, add the users in the Users form. If you only want users to register via the self-registration option, you can skip this step. The information below is based on the default user schema, which can be changed.

    Field Description
    First name User’s first name
    Last name User’s last name
    Email/mobile User’s means of contact for the purpose of account activation and/or password resetting
    Send invitation/set credentials Send invitation - user will receive a message allowing them to activate their account. Set credentials - set a password for the user as an administrator. If this option is selected, the user account is active immediately.
  12. Save your changes. You can now proceed to connecting your Identity Pool as an Identity Provider in a workspace. For details, see Creating Identity Pool IDP.
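    The password settings in step 8 are a set of independent minimum counts plus a history window. The checker below, added here as an example (it is not Cloudentity's implementation), applies those fields to a candidate password and shows how the "Not used since" rule can be enforced without keeping old passwords in clear text. The PasswordPolicy field names, the PBKDF2 hashing of the history and the sample passwords are assumptions; the Strength score is a separate estimator and is not modelled.

```python
"""Added example (not Cloudentity's code): apply the Identity Pool password
policy "Supplementary options" to a candidate password. PasswordPolicy field
names, the PBKDF2 history scheme and the sample passwords are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import os
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    capital_letters: int = 0      # minimum number of upper-case letters
    digits: int = 0               # minimum number of digits
    minimal_length: int = 8       # minimum length
    not_used_since: int = 0       # how many previous passwords may not be reused
    special_characters: int = 0   # minimum number of punctuation characters


# The "Current defaults" row of the table, Strength excluded (the Strength
# estimator is a separate score and is not modelled here).
CURRENT_DEFAULTS = PasswordPolicy()


def policy_violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the names of the policy fields the password fails (empty == accepted)."""
    counts = {
        "capital_letters": sum(c.isupper() for c in password),
        "digits": sum(c.isdigit() for c in password),
        "special_characters": sum(c in string.punctuation for c in password),
    }
    failed = []
    if len(password) < policy.minimal_length:
        failed.append("minimal_length")
    for rule, found in counts.items():
        if found < getattr(policy, rule):
            failed.append(rule)
    return failed


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 (assumed scheme) so the history stores no plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def is_recently_used(password: str, history: list[tuple[bytes, bytes]],
                     policy: PasswordPolicy) -> bool:
    """history is most-recent-first; only the last `not_used_since` entries are compared."""
    for salt, digest in history[: policy.not_used_since]:
        _, candidate = hash_password(password, salt)     # re-hash under the stored salt
        if hmac.compare_digest(candidate, digest):       # constant-time comparison
            return True
    return False


def validate_new_password(password: str, history: list[tuple[bytes, bytes]],
                          policy: PasswordPolicy) -> list[str]:
    """Full check for a password change: counts first, then the reuse window."""
    failed = policy_violations(password, policy)
    if is_recently_used(password, history, policy):
        failed.append("not_used_since")
    return failed


if __name__ == "__main__":
    strict = PasswordPolicy(capital_letters=1, digits=2, minimal_length=10,
                            not_used_since=2, special_characters=1)
    # Constructed history, most recent first.
    history = [hash_password(p) for p in ("Old-Password-11", "Old-Password-22", "Old-Password-33")]
    print(validate_new_password("Old-Password-22", history, strict))   # ['not_used_since']
    print(validate_new_password("password", history, strict))
```

    With `not_used_since` left at the default 0 the history slice is empty and no reuse check runs, which is why the defaults table lists it as 0 for both legacy and current pools: reuse prevention is opt-in.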

Configure Identity Schemas

  1. Go to Tenant settings > Identity Pools > Schemas.

  2. Select Create Schema and save your schema under a unique name.

  3. Open your schema and go to the Schema tab. This is where you define the schema as a JSON object. Initially, the default schema is shown. Take note of the top-level objects:

    Object Description
    properties An object whose keys are the property names and whose values are the JSON Schema definitions (type, description, constraints) of the data entered by the user
    description Schema description for identification purposes. This description is displayed as a header on the user registration form.
    type Schema data type. There should be no need to change this, as the schema is always an object.
    required List of property names that are mandatory for user registration. Each name should also be defined under properties; otherwise the key must be present but its value is not validated.

    Modify the schema by adding more properties. Add mandatory properties to the required list. Property names in required must match the keys in properties exactly, and minLength applies only to string properties. For example, to add an e-mail and a custom boolean property, you can make the following modifications:

     {
       "properties": {
         "family_name": {
           "description": "user last name",
           "type": "string",
           "minLength": 1
         },
         "given_name": {
           "description": "user first name",
           "type": "string",
           "minLength": 1
         },
         "name": {
           "description": "user full name",
           "type": "string",
           "minLength": 1
         },
         "email": {
           "description": "user e-mail",
           "type": "string",
           "minLength": 1
         },
         "custom": {
           "description": "Custom",
           "type": "boolean"
         }
       },
       "description": "sample user data schema",
       "type": "object",
       "required": [
         "family_name",
         "given_name",
         "name",
         "email"
       ]
     }


    As a result, the required user payload (both on administrator and user side) looks as follows:

    Identity Schema for users
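    To see how the required list and the per-property constraints interact, the following validator, added here as an example (it is not Cloudentity's validator), implements the JSON Schema subset the schema above uses (type, minLength, required) and a lint for two mistakes that are easy to make when editing it: a required name that no property defines, and minLength on a non-string. The sample schema and payloads are constructed; the mis-keyed variant spells the property "e-mail" while required says "email".

```python
"""Added example (not Cloudentity's validator): check user payloads against
the identity schema subset (type, minLength, required) and lint the schema
itself. USER_SCHEMA, MISMATCHED_SCHEMA and the payloads are constructed."""
from __future__ import annotations

import copy

USER_SCHEMA = {
    "properties": {
        "family_name": {"description": "user last name", "type": "string", "minLength": 1},
        "given_name": {"description": "user first name", "type": "string", "minLength": 1},
        "name": {"description": "user full name", "type": "string", "minLength": 1},
        "email": {"description": "user e-mail", "type": "string", "minLength": 1},
        "custom": {"description": "Custom", "type": "boolean"},
    },
    "description": "sample user data schema",
    "type": "object",
    "required": ["family_name", "given_name", "name", "email"],
}

# Constructed mis-keyed variant: property "e-mail" vs required "email", and a
# minLength on the boolean. Used to show what the lint flags.
MISMATCHED_SCHEMA = copy.deepcopy(USER_SCHEMA)
MISMATCHED_SCHEMA["properties"]["e-mail"] = MISMATCHED_SCHEMA["properties"].pop("email")
MISMATCHED_SCHEMA["properties"]["custom"]["minLength"] = 1

TYPE_MAP = {
    "string": str, "boolean": bool, "integer": int,
    "number": (int, float), "object": dict, "array": list,
}


def lint_schema(schema: dict) -> list[str]:
    """Consistency problems worth fixing before the schema is saved."""
    problems = []
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in props:
            problems.append(f"required property '{name}' is not defined in properties")
    for name, spec in props.items():
        if "minLength" in spec and spec.get("type") != "string":
            problems.append(f"'{name}': minLength only applies to strings, not {spec.get('type')}")
    return problems


def validate_payload(schema: dict, payload: dict) -> list[str]:
    """Check a user payload the way the schema would: required keys, types, minLength."""
    errors = []
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in payload:
            errors.append(f"missing required property '{name}'")
    for name, value in payload.items():
        spec = props.get(name)
        if spec is None:
            continue   # undefined keys pass untouched: required alone never constrains a value's shape
        expected = TYPE_MAP.get(spec.get("type"))
        # bool is a subclass of int in Python; do not let True satisfy integer/number
        wrong_type = expected is not None and (
            not isinstance(value, expected) or (isinstance(value, bool) and expected is not bool)
        )
        if wrong_type:
            errors.append(f"'{name}' should be {spec['type']}, got {type(value).__name__}")
        elif spec.get("type") == "string" and len(value) < spec.get("minLength", 0):
            errors.append(f"'{name}' is shorter than minLength {spec['minLength']}")
    return errors


if __name__ == "__main__":
    print(lint_schema(MISMATCHED_SCHEMA))
    registration = {"family_name": "Doe", "given_name": "Jane", "name": "Jane Doe",
                    "email": "jane@example.com", "custom": True}
    print(validate_payload(USER_SCHEMA, registration))   # []
```

    The point of the lint is the third assertion in the usage below: with the mis-keyed schema a payload whose "email" is the number 42 passes, because required only demands that the key exists and no property definition constrains its value. Keep the names in required and properties identical so that every mandatory field is also type-checked.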

Updated: Sep 30, 2022